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1. (currently amended) A method for restricting access to a set of physical resources 
in a distributed data processing system, the method comprising: 

in response to receipt from a user of a request to access one of the set of physical 
resources, determining a set of authorized resources for which a the user is authorized to access, 
wherein the set of authorized resources is a subset of the set of physical resources; 

obtaining , by an entitlement server, state information about the set of authorized 
resources; 

evaluating availability of the set of authorized resources by the entitlement server 
comparing the state information about the set of authorized resources against a configurable rule 
associated with one or more resources in the set of authorized resources; 

in response to evaluating availability of the set of authorized resources using the 
configurable rule, generating , by the entitlement server, a list of a set of entitled resources for the 
user, wherein the set of entitled resources is a subset of the set of authorized resources; and 

preventing the user from accessing physical resources that are in the set of authorized 
resources but that are not in the set of entitled resources. 

2. (original) The method of claim 1 further comprising: 
sending an indication of the set of entitled resources to the user. 

3. (original) The method of claim 1 further comprising: 
responding to requests for the user to access the set of entitled resources. 

4. (cancelled) 

5. (original) The method of claim 1 further comprising: 

considering user attributes of the user while evaluating availability of the set of 
authorized resources. 

6. (cancelled) 
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7. (original) The method of claim 1 further comprising: 

gathering state information for the set of resources using a distributed monitoring 
application. 

8. (currently amended) An apparatus for restricting access to a set of physical 
resources in a distributed data processing system, the apparatus comprising: 

a processor; 

a computer memory holding computer program instructions which when executed by the 
processor perform a method comprising: 

means for in response to receipt from a user of a request to access one of the set of 
physical resources, determining a set of authorized resources for which a the user is authorized to 
access, wherein the set of authorized resources is a subset of the set of physical resources; 

means for obtaining state information about the set of authorized resources; 

means for evaluating availability of the set of authorized resources by comparing the state 
information about the set of authorized resources against a configurable rule associated with one 
or more resources in the set of authorized resources; 

means for generating a list of a set of entitled resources for the user in response to 
evaluating availability of the set of authorized resources, wherein the set of entitled resources is a 
subset of the set of authorized resources; and 

means for preventing the user from accessing physical resources that are in the set of 
authorized resources but that are not in the set of entitled resources. 

9. (currently amended) The apparatus of claim 8 further comprising wherein the 
method further comprises : 

means for sending an indication of the set of entitled resources to the user. 

10. (currently amended) The apparatus of claim 8 further comprising wherein the 
method further comprises : 
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means for responding to requests for the user to access the set of entitled resources. 

1 1 . (cancelled) 

12. (currently amended) The apparatus of claim 8 further comprising wherein the 
method further comprises : 

means for considering user attributes of the user while evaluating availability of the set of 
authorized resources. 

13. (cancelled) 

14. (currently amended) The apparatus of claim 8 further comprising wherein the 
method further comprises : 

means for gathering state information for the set of resources using a distributed 
monitoring application. 

15. (currently amended) A computer program product in a computer readable medium 
for use in a distributed data processing system for restricting access to a set of physical resources, 
the computer program product holding computer program instructions which when executed by 
the distributed data processing system perform a method comprising: 

means for in response to receipt from a user of a request to access one of the set of 
physical resources, determining a set of authorized resources for which a the user is authorized to 
access, wherein the set of authorized resources is a subset of the set of physical resources; 

means for obtaining state information about the set of authorized resources; 

means for evaluating availability of the set of authorized resources by comparing the state 
information about the set of authorized resources against a configurable rule associated with one 
or more resources in the set of authorized resources; and 

means for generating a list of a set of entitled resources for the user in response to 
evaluating availability of the set of authorized resources, wherein the set of entitled resources is a 
subset of the set of authorized resources; and 
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means for preventing the user from accessing physical resources that are in the set of 
authorized resources but that are not in the set of entitled resources. 

16. (currently amended) The computer program product of claim 15 further 
comprising wherein the method further comprises : 

means for sending an indication of the set of entitled resources to the user. 

17. (currently amended) The computer program product of claim 15 further 
comprising wherein the method further comprises : 

means for responding to requests for the user to access the set of entitled resources. 

18. (cancelled) 

19. (currently amended) The computer program product of claim 15 further 
comprising wherein the method further comprises : 

means for considering user attributes of the user while evaluating availability of the set of 
authorized resources. 

20. (cancelled) 

21. (currently amended) The computer program product of claim 15 further 
comprising wherein the method further comprises : 

means for gathering state information for the set of resources using a distributed 
monitoring application. 

22. (previously presented) The method as described in claim 1 wherein the set of 
resources are identified by Uniform Resource Identifiers (URIs), and the step of preventing the 
user from accessing resources includes providing the user a web page without a URI for an 
authorized resource that is not also an entitled resource. 
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23. (previously presented) The method as described in claim 1 wherein the set of 
entitled resources for the user includes a particular authorized resource that the user is entitled to 
access as a result of the evaluating step and further as a result of a given user status being met, 
wherein the particular authorized resource, although included in the set of entitled resources for 
the user, is omitted from a list of entitled resources for another user that does not then have the 
given user status. 

24. (currently amended) The apparatus as described in claim 8 wherein the set of 
resources are identified by Uniform Resource Identifiers (URIs), and the means for step of 
preventing the user from accessing resources includes means for providing the user a web page 
without a URI for an authorized resource that is not also an entitled resource. 

25. (previously presented) The apparatus as described in claim 8 wherein the set of 
entitled resources for the user includes a particular authorized resource that the user is entitled to 
access as a result of the evaluation and further as a result of a given user status being met, 
wherein the particular authorized resource, although included in the set of entitled resources for 
the user, is omitted from a list of entitled resources for another user that does not then have the 
given user status. 

26. (currently amended) The computer program product as described in claim 15 
wherein the set of resources are identified by Uniform Resource Identifiers (URIs), and the 
means for step of preventing the user from accessing resources includes means for providing the 
user a web page without a URI for an authorized resource that is not also an entitled resource. 

27. (previously presented) The computer program product as described in claim 15 
wherein the set of entitled resources for the user includes a particular authorized resource that the 
user is entitled to access as a result of the evaluation and further as a result of a given user status 
being met, wherein the particular authorized resource, although included in the set of entitled 
resources for the user, is omitted from a list of entitled resources for another user that does not 
then have the given user status. 
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